Xen users - Dec 2009 - (re)load new kernel with rebooting host node?

Hi all,

Is it possible to reload the dom0 / host node''s kernel with a newer
one, without rebooting the server? I know kexec can do something like
this for security patches, but I don''t know much about kexec, and I
don''t want to mess up a production server either. So, has anyone done
something like this before? I need to load a new kernel for one of the
domU''s iptables to work, but don''t want to reboot the whole
server and
cause downtime for the other domU''s.

-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Thu, Dec 3, 2009 at 2:02 AM, Rudi Ahlers <Rudi@softdux.com>
wrote:
> Hi all,
>
> Is it possible to reload the dom0 / host node''s kernel with a
newer
> one, without rebooting the server?
Not that I know of
> I know kexec can do something like
> this for security patches, but I don''t know much about kexec, and
I
> don''t want to mess up a production server either.
AFAIK current implementation of kexec works like a reboot, only
without going through BIOS and bootloader. At least that''s how it was
implemented in Ubuntu
> So, has anyone done
> something like this before? I need to load a new kernel for one of the
> domU''s iptables to work, but don''t want to reboot the
whole server and
> cause downtime for the other domU''s.
You shouldn''t need to that. What changes did you made on dom0? My
setup works fine with iptables on domU in a mostly-default setup.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Fri, Dec 4, 2009 at 11:04 PM, Fajar A. Nugraha <fajar@fajar.net>
wrote:
> On Thu, Dec 3, 2009 at 2:02 AM, Rudi Ahlers <Rudi@softdux.com> wrote:
>> I know kexec can do something like
>> this for security patches, but I don''t know much about kexec,
and I
>> don''t want to mess up a production server either.
>
> AFAIK current implementation of kexec works like a reboot, only
> without going through BIOS and bootloader. At least that''s how it
was
> implemented in Ubuntu
But have you, or anyone else, used kexec on a running server yet? And
how do I use it, without breaking anything?
>
>> So, has anyone done
>> something like this before? I need to load a new kernel for one of the
>> domU''s iptables to work, but don''t want to reboot the
whole server and
>> cause downtime for the other domU''s.
>
> You shouldn''t need to that. What changes did you made on dom0? My
> setup works fine with iptables on domU in a mostly-default setup.
>
Not much. The domU''s can''t use iptables, at all.

On a domU:

-bash-3.2# iptables -L
iptables v1.3.5: can''t initialize iptables table `filter'':
iptables
who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

And the domU''s kernel:

-bash-3.2# uname -a
Linux spare5.securehosting.co.za 2.6.18-128.7.1.el5xen #1 SMP Mon Aug
24 09:14:33 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux


The host node''s kernel:

root@usaxen02:[~]$ uname -a
Linux usaxen02.securehosting.co.za 2.6.18-128.7.1.el5xen #1 SMP Mon
Aug 24 09:14:33 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux



So, I thought of upgrading the kernel on both, and see if that helps at all?
> --
> Fajar
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>


-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On Sat, Dec 5, 2009 at 2:17 PM, Rudi Ahlers <Rudi@softdux.com>
wrote:
> But have you, or anyone else, used kexec on a running server yet?
Yes. That''s how I was able to tell you how it behaves :D
> And
> how do I use it, without breaking anything?
On Ubuntu, it''s part of kexec-tools. It comes with a nice man page. If
I remember correctly, the easy way to use it to modify some config
file so that when you run "init 6" (or similar) it would invoke kexec
(which is faster) instead of normal reboot. The "hard" way to use it
involves  specifying manually which kernel image (plus initrd and
command line) that kexec would run.

> Not much. The domU''s can''t use iptables, at all.
>
> On a domU:
>
> -bash-3.2# iptables -L
> iptables v1.3.5: can''t initialize iptables table
`filter'': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
>
> And the domU''s kernel:
>
> -bash-3.2# uname -a
> Linux spare5.securehosting.co.za 2.6.18-128.7.1.el5xen #1 SMP Mon Aug
> 24 09:14:33 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
>
>
> The host node''s kernel:
>
> root@usaxen02:[~]$ uname -a
> Linux usaxen02.securehosting.co.za 2.6.18-128.7.1.el5xen #1 SMP Mon
> Aug 24 09:14:33 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Here''s some simple question:
- where is the kernel located? domU or dom0? Do you use pygrub?
- does domU have /lib/modules/2.6.18-128.7.1.el5xen?

My guess is you use the kernel from dom0, but you don''t have the
corresponding module directory on domU.

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users